Post on 20-Apr-2018
CONTENTS
1 History of CyberSecurity in the Philippines
23
The National CyberSecurity Governance Framework
The National CyberSecurity PlanStrategic DriversFocal Areas – Critical Infostructure, Government,
Businesses, and IndividualsKey Enablers – Manpower, Industry, R&D, Domestic
and International Collaboration
CONTENTS
4 Key Strategic Imperatives
5 Strategic Collaboration
Enhance Security and Resilience of CII and government public and military networks to deal with sophisticated attacksIncrease efforts to promote adoption of CyberSecurity measures among individuals and businessesGrow Pool of CyberSecurity Experts
National Level CommitteePublic-Private PartnershipInternational Collaborations
2000 2001 2003 2005 2007RA 8792, Electronic Commerce Act of 2000
Creation of PHCERTConvention on Cybercrime/ Budapest Convention
Creation of Computer Crime Section of the PNP
Growing number of hacking attacks
& cybercrimes were recorded
I Love YouVirus
First cybercrime conviction under
the E-Commerce Law
Growth in cybersex and
child trafficking cases
HISTORY OF CYBERSECURITY IN THE PHILIPPINES
2009 2012 2014 2015 2016RA 9775,Anti-Child Pornography Act of 2009RA 9995,Anti-Photo and Video Voyeurism Act of 2009
RA 10175, Cybercrime Prevention Act of 2012
RA 10173, Data Privacy Act of 2012
RA 10175 suspension lifted
DOJ Reported that 9 out of 10 Filipinos
are victims of various forms of
cybercrime ranging from hacking attacks
to online scams
Election Breach
Bank Heist
EO 189 s. 2015, Creating the National CybersecurityInter-Agency Committee
HISTORY OF CYBERSECURITY IN THE PHILIPPINES
RA 10844, Department of Information and Communications Technology Act
1992
1998
2000
2003
2004
2009
2012
Laws enacted that are technology-related
1992
1998
2000
2003
2004
2009
2012
RA 7610Special Protection of Children
against Abuse Act
1992
1998
2000
2003
2004
2009
2012
RA 8484
Access Devices Regulation Act
1992
1998
2000
2003
2004
2009
2012
RA 8792
ElectronicCommerce Act
1992
1998
2000
2003
2004
2009
2012
RA 9208
Anti-Trafficking Act
1992
1998
2000
2003
2004
2009
2012
RA 9262Anti-Violence against
Women and Children Act
1992
1998
2000
2003
2004
2009
2012
RA 9775Anti-Child
Pornography Act
RA 9995Anti-Photo and
Video Voyeurism
1992
1998
2000
2003
2004
2009
2012
RA 10173Data
Privacy Act
RA 10175Cybercrime
Prevention Act
CyberSecurity in the Philippines should be
divided according to its major CyberSecurityResponsibilities: Law Enforcement, Protection and National Defense
Law Enforcement
Network Protection
Intelligence Community
DOJ-NBIDILG-PNP
DICTCICC
NICA
DND / AFPNSC
National Defense
Identify CriminalsPreserve EvidenceProsecute
Disseminate BroadlyEnsure Timely Release
Defend the CountryProtect Military Networks
AttributionAdvise and Inform
Decision Makers
CommunityAgency/
Organization Emphasis
Cyber Security Maturity Model
Source: Presentation of Robert Lentz Former CISO US Department of Defense
Where are we now? Tools based Reactive / Manual
How do we get there? Crafting of the National CyberSecurity Strategy, Policies, Plans and Programs Establishment of NCERT and Implementation of
other Programs defined in the National Cybersecurity Plan
What do we want to achieve?Cyber Resilient Philippines
DRIVERS
Attacks to CIIBank Heist, Navigation Systems Manipulation,Control of Electronic Medical Equipment and Records,
Override of Oil and Gas Systems
Attacks toGovernment Infostructure
Hacking resulting in Data breachDefacement of PH Government Agencies
Websites
Sophistication of Cyber Attacks
APT, DDoS, SPAM, Spear Phishing,Social Engineering
Making Critical Infostructure(CII) Trusted and Secure
Making Government Information
Environment Secure
Making Businesses and Supply
Chains more Secure
Making Individuals Aware and
Secure
#CyberResilientPH
#CyberToughPH
#CyberAssurancePH
#CyberSafePH
National Targets:
To systematicallyharden CII forResiliency
To prepare and secure government ICT
Infostructure (Public and Military)
To raise awareness of cyber risk and use of security measures
among businesses to prevent andprotect, respond and recover from attacks
To raise awareness on cyber risks among users as they are
the weakest links, they need to adopt the right norms in
CyberSecurity
Develop CybersecuritySkills and Knowledge
(Human Capital)CISO sa Departamento
Promote CybersecurityDevelopment in
IndustriesNurture Cybersecurity
Research & Development
Strengthen CybersecurityDomestic and International
Collaboration
Public and Private Partnership
KeyENABLERS
Key Strategic Imperatives
Key Strategic Imperatives
Protection of Critical Infostructure
(CII)
Protection of
Government Networks
(Public and Military)
Protection of Businesses and Supply Chains
Protection of Individuals
Critical Infostructures
Computer Emergency Response Program
IncidentResponse
DigitalAnalytics
ActionableIntelligence
Early WarningSystem
Strategic CollaborationINTERNATIONAL
COLLABORATION Enhanced international law enforcement and
judicial cooperation against cybercrime-information sharing Law Enforcement Trainings Training for Judges and Prosecutors Increased public/private and interagency
information sharing in line with cybersecuritystandards Increased collaboration between and among
CERTs
NATIONAL LEVEL COMMITTEE
National Cybersecurity Inter-Agency Committee
Cybercrime Investigation and Coordination Center
PUBLIC PRIVATE
PARTNERSHIP
Public Private Partnership Forums
International Cooperation
Cyber Security JCSWG
ASEAN TELMINCyberSecurity
MalaysiaAPCERT
JAPAN-ASEAN
CyberSecurityWorking Group of ASEAN Defense
Ministers (ADMM)Bilateral Security and
Defense Partnership (USA)CAMP
BUDAPEST ConventionINTERPOLASEANAPOLEUROPOLUSDOJ
Cyber Crime
Q1 Q2 Q3 Q4
NCERT& GCERT
ComprehensiveCISO Program
NationalDatabase forMonitoring
And Reporting
CIIDatabase
Q1 Q2 Q3
RiskAssessmentEvaluation
Criteria
DatabaseOf Risk
AssessmentResults
Implementationof Cyber Training
Facilities Plan
Phase I Phase II
Phase III
Q4
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
ComprehensiveCERT Program
ComprehensiveProgram for
CybersecurityEducation
Cyber DrillsDatabase on
Analytics
Database for inventory ofphysical facilities, hardware,
software and people
Database ofCII National
RiskRegisters
Cyber TrainingFacilities
PlanDatabase ofVulnerability Assessment
Results
Audit results of CII that were
identified and prioritized during
Q4 2017
SEPTEMBER2018
JULY2018
JANUARY2017
DECEMBER2017
JANUARY2018
DECEMBER2018
2017 2018
Q1 Q2 Q3 Q4
Feasibility StudiesFor the Threat
Intelligence andOperations Center
Q1 Q2 Q3
Comprehensive Programfor Local and International
Cooperation
Phase IV Phase V
Phase VI
Q4
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
ComprehensiveProgram for Threat
IntelligenceAnd Operations Center
Audit results of Government
Agencies prioritized with critical systems
and frontline agencies (e.g. BID,
DFA, DOH, etc.)
Audit results of NGAs and LGUs that are connected to the
government networks (e.g. iGov PH)
SEPTEMBER2020
JULY2020
JANUARY2019
DECEMBER2019
JANUARY2020
DECEMBER2020
2019 2020
Tactical Work PlanN AT I O N A L C Y B E R S E C U R I T Y P L A N 2 0 2 2
12.08.2016
Launching of the NCSP 2022
01.23.2017
Round Table Discussion
Memorandum Circular
03.20.2017
National Cybersecurity Inter-Agency
Council (NCIAC) Meeting
05.02.2017
Publication of NCSP 2022Release of
Memorandum Circular
Quick Wins
Launch the NCSP 2022 Publish the NCSP 2022 Release a Memorandum Circular to implement NCSP 2022 Activate the National Computer Emergency Response Team (NCERT)
THANK YOU!